UK utility companies faced a significant surge in cyberattacks in 2023, with 48 breaches recorded, marking a staggering 586% increase from the previous year, according to global specialty (re)insurance group Chaucer. The rise in incidents, partly attributed to state-backed hackers, has heightened concerns about potential infrastructure-targeted attacks amid escalating geopolitical tensions.
Utilities providing power and electricity are vital to the global economy, especially in an increasingly digitized world. Modern infrastructure, businesses, and daily activities rely heavily on a consistent and secure power supply. In a more concerning context, power is also crucial for modern warfare, fueling everything from batteries for handheld equipment to drones and sophisticated communications systems. The dependency on electricity makes it a strategic resource akin to fossil fuels, underscoring the potential impact of cyberattacks on utility companies.
“Its suspected that the increase in cyber breaches is being driven in part by growing efforts from state backed hackers targeting critical UK infrastructure.”
Ben Marsh, Class Underwriter, Chaucer.
Chaucer’s data reveals that sensitive information of 140,000 individuals was compromised last year, a dramatic 714% rise from the 17,000 affected in 2022. Ben Marsh, Class Underwriter at Chaucer, attributes the increased vulnerability of utility companies, integral to the UK’s critical infrastructure, to the geopolitical climate, particularly following the onset of the Ukraine war in 2022. The International Energy Agency had previously warned about a rise in cyberattacks on European energy infrastructure.
“Lucrative Targets”
In 2023, Ofcom, the UK’s telecoms and broadcast regulator, reported an average of 30,000 weekly attempted cyber intrusions. Marsh suggests that state-backed hackers increasingly target critical UK infrastructure, contributing to the surge in breaches. In addition, conventional cybercriminals continue to exploit utility companies, attracted by the extensive personal data these companies hold, including financial details and home addresses.
“The breadth of personal information held by utility companies, from bank details to home addresses, makes them lucrative targets for hackers who can exploit or sell this data on the dark web,” Marsh explains. The aftermath of cyberattacks often includes significant reputational and operational damage, making companies more susceptible to ransomware attacks.
Chaucer emphasizes the necessity for utility companies to enhance their cybersecurity measures to safeguard both corporate and customer data. As cyber threats evolve, maintaining up-to-date security standards is crucial for protecting sensitive information and mitigating the risks posed by both state-sponsored and conventional cybercriminals.
Source: 48 cyber breaches of utility companies recorded last year, a 586% increase on 2022.
Other News: Will AI Help the Hackers or Cyber Carriers More?(Opens in a new browser tab)
Other News: Ransomware dominated by Russian threat operations.